Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of [OSS] security: update x/net module into release/1.14.x #15744

Merged
merged 4 commits into from
Dec 8, 2022
Merged

Backport of [OSS] security: update x/net module into release/1.14.x #15744

merged 4 commits into from
Dec 8, 2022

Conversation

hc-github-team-consul-core
Copy link
Collaborator

Backport

This PR is auto-generated from #15737 to be assessed for backporting due to the inclusion of the label backport/1.14.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

merge conflict error: POST https://api.github.com/repos/hashicorp/consul/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

Description

Updating x/net package in Consul to resolve CVE-2022-41717.

The api module has an indirect dependency on x/net, but using go mod why -m golang.org/x/net leads me to believe that the downstream package github.com/miekg/dns doesn't use x/net/http2.

Testing & Reproduction steps

No manual tests were performed.

Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/dans/update-x-net-http2/enormously-loyal-leech branch from 6b4a21f to 786483f Compare December 8, 2022 21:46
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/dans/update-x-net-http2/enormously-loyal-leech branch from 786483f to 6b4a21f Compare December 8, 2022 21:46
github-team-consul-core-pr-approver
github-team-consul-core-pr-approver approved these changes Dec 8, 2022
View reviewed changes
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved Consul Bot automated PR

@github-actions github-actions bot added the pr/dependencies PR specifically updates dependencies of project label Dec 8, 2022
@DanStough DanStough marked this pull request as ready for review December 8, 2022 21:53
@DanStough DanStough merged commit 83bf3e4 into release/1.14.x Dec 8, 2022
@DanStough DanStough deleted the backport/dans/update-x-net-http2/enormously-loyal-leech branch December 8, 2022 22:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver github-team-consul-core-pr-approver approved these changes

@DanStough DanStough Awaiting requested review from DanStough

Assignees
No one assigned
Labels
pr/dependencies PR specifically updates dependencies of project
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hc-github-team-consul-core @github-team-consul-core-pr-approver @DanStough @dhiaayachi